Cirq icon indicating copy to clipboard operation
Cirq copied to clipboard

Published 20 hours ago verified publisher icon quantumlib

Unpin dependencies' versions

Open NoureldinYosri opened this issue 1 year ago • 3 comments

Description of the issue We have several dependencies pinned at specific old version because newer version break the CI. Ideally we should either not have a version requirement of have version requirement beyond a specific release (e.g. >= or >). specifying a version requirement with ==, ~=, <=, < shouldn't be used.

The list of requirements that should be unpinned is in cirq-core/requirements.txt:

  • [x] matplotlib~=3.0 (pavoljuhas) leave as is, this pins the major version and includes the latest matplotlib-3.9.0
  • [x] numpy~=1.16 done in #6591
  • [x] sortedcontainers~=2.0 (pavoljuhas) leave as is, pins the major version and includes the latest sortedcontainers-2.4.0

in cirq-core/cirq/contrib/requirements.txt:

  • [x] pylatex~=1.3.0 --> pylatex~=1.4 done in #6516, includes the latest pylatex-1.4.2
  • [x] quimb~=1.6.0 --> quimb~=1.7 done in #6516, includes the latest quimb-1.8.1
  • [x] numba~=0.58.0 deleted in #6516, transitive dependency of quimb

in dev_tools/pr_monitor/requirements.txt: (pavoljuhas) - only used in containerized tool, defer after 1.4

  • [ ] requests==2.31.0
  • [ ] google-cloud-secret-manager==1.0.0

in dev_tools/requirements/deps/protos.txt:

  • [x] grpcio-tools~=1.56.0 --> grpcio-tools~=1.59.0 done in #6516, first version compatible with Python 3.12
  • [x] mypy-protobuf==3.4 (pavoljuhas) leave as is, works with the grpcio-tools

in dev_tools/requirements/deps/format.txt:

  • [x] black==23.3.0 --> black==14.3.0 done in #6512

in dev_tools/requirements/deps/dev-tools.txt:

  • [x] qiskit-aer~=0.12.2 --> qiskit-aer~=0.12.0 done in #6516, 0.12.* is compatible with OpenQASM 2.0. 0.12.0 installs with Python 3.12
  • [x] rstcheck~=3.3.1 --> rstcheck done in #6616

in dev_tools/requirements/deps/pylint.txt:

  • [ ] pylint~=2.13.0

in dev_tools/requirements/deps/mypy.txt: (pavoljuhas) - defered to #6617

  • [x] mypy==1.2.0
  • [x] types-backports==0.1.3
  • [x] types-protobuf~=3.20
  • [x] types-requests==2.28.1
  • [x] types-setuptools==62.6.1

in dev_tools/requirements/deps/notebook.txt:

  • [x] notebook>=6.4.1,<=6.4.7 --> notebook~=7.0 done in #6616, includes latest notebook-7.2.0
  • [x] ipykernel==5.3.4 --> ipykernel~=6.29 done in #6616, includes latest ipykernel-6.29.4
  • [x] papermill~=2.3.2 --> papermill~=2.6 done in #6616, includes latest papermill-2.6.0
  • [x] seaborn~=0.11.1 --> seaborn~=0.12 done in #6603, includes latest seaborn-0.13.2

in dev_tools/requirements/deps/pytest.txt:

  • [x] pytest-cov~=3.0 --> pytest-cov done in #6602
  • [x] coverage<=6.2 --> coverage~=7.4 done in #6602, has restored annotate, includes the latest coverage-7.5.3
  • [x] pytest-xdist~=2.2.0 --> pytest-xdist done in #6602
  • [x] filelock~=3.0.12 --> filelock~=3.1 done in #6516, includes the latest filelock-3.14.0
  • [x] freezegun~=0.3.15 --> freezegun done in #6602

Optionally these verndor related requirements should be unpinned

in cirq-aqt/requirements.txt:

  • [x] requests~=2.18 (pavoljuhas) leave as is, includes the latest requests-2.32.2

in cirq-pasqal/requirements.txt:

  • [x] requests~=2.18 (pavoljuhas) leave as is, includes the latest requests-2.32.2

in cirq-ionq/requirements.txt:

  • [x] requests~=2.18 (pavoljuhas) leave as is, includes the latest requests-2.32.2

in cirq-rigetti/requirements.txt:

  • [x] pyquil>=3.2.0,<4.0.0 (pavoljuhas) - wip in #6281 after which merge the minimum attrs version in #6633

NoureldinYosri avatar Feb 14 '24 19:02 NoureldinYosri

specifying a version requirement with ==, ~=, <=, < shouldn't be used.

I feel it depends case to case. Expressions like matplotlib~=3.0 freeze the major version numbers only so we have some assurance there would be no API-breaking changes; at the same time we should be getting minor upgrades and have a decent range of compatible versions. The last stable matplotlib is at 3.8.2 so that requirement allows for the newest version.

For the requirement specifications under dev_tools/requirements it may be good to pin to specific versions such as black==23.3.0. These packages are for development environment where it is good to have the same code formatter and linter versions as used in the CI. It should also avoid surprises that the CI checks would stop passing because of a newer formatter or linter release.

pavoljuhas avatar Feb 15 '24 01:02 pavoljuhas

I apologize if this is off the mark, but my $0.02 based just on general principles is that I agree with Pavol.

For non-dev requirements, not using a version requirement or setting only a minimum version (using >= or >) would seem risky for users. As you know, major version changes in packages like Matplotlib or Numpy could very well introduce breaking changes. A new cirq-core release could address the resulting incompatibilities, but users might choose not to update their version of cirq-core right away, or they may not be able to update right away because they have a dependency on a pinned version of cirq-core in other software of theirs. If the cirq-core requirements only set a minimum version, then if the users update their copies of Matplotlib or Numpy or whatever, they may experience errors. (On can image a worst-case scenario where there are no overt errors yet some cirq behaviors potentially change, or numerical results are off, etc., however likely that is.)

So, in the end, it seems like specifying the requirements as, e.g., sortedcontainers~=2.0, is preferable for the non-dev requirements.

mhucka avatar Mar 27 '24 16:03 mhucka

Partially implemented in #6616 - sufficient for the 1.4 release.

Reopening to track the leftover dependencies.

pavoljuhas avatar May 29 '24 18:05 pavoljuhas